Responding to advanced data threats and ransomware attacks through collaboration

The threat landscape is bifurcated between fast and destructive ransomware attacks and slow and quiet advanced threat actors, leading organizations to focus on endpoint, identity, cloud and threat network security.

These developments have led to Corelight Inc. and Mandiant Inc. establishing a collaboration in which Mandiant leverages the capabilities of Corelight technology for its response initiatives and managed defense services. Simultaneously, Corelight has seamlessly integrated its technology across components of the Google platform. This synergy with the Google platform spans areas, such as the Chronicle Security Operations suite and Packet Mirroring services, which all underline the necessity of network visibility and threat intelligence in cybersecurity.

“What we really see organizations doing is kind of doubling down on four big areas. They need an endpoint, they need identity, they need cloud and they need a threat network,” said Brian Dye (pictured), chief executive officer of Corelight. “What those really represent is a balance of depth versus breadth and how you get the right intelligence to go and find these advanced attackers, especially when what you’re essentially doing is looking back in time.”

Dye spoke with theCUBE industry analysts Rebecca Knight and John Furrier at the mWISE Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the need to prioritize network security, threat hunting and the human artificial intelligence partnership in order to detect and respond to advanced threats and ransomware attacks. (* Disclosure below.)

Defenders advantage

When it comes to managing the growing intricacies of data networks and the difficulties of safeguarding against attackers, professionals should focus on prioritizing their efforts in the stages of reconnaissance, command and control as lateral movement, according to Dye. This approach allows defenders to capitalize on opportunities to apprehend attackers.

“We often find defenders are kind of thinking about … the attacker advantage, where they only have to win once and the defender has to get it right every time,” Dye said. “There’s actually a defender advantage where you want to position yourselves and focus your efforts where you have multiple chances to get the attacker.”

Dye concluded that there are stealthy techniques being used that cannot be detected. As a result, you need both live threat detections and a broad-based view of the data to effectively respond to and hunt for these threats.

“You’ve got a bunch of stealthy techniques that folks are [using] that will not and cannot actually drive detection threat,” Dye said. “You’re not going to alert on PowerShell just because there’s PowerShell within an organization. There’s PowerShell everywhere, that’s not the problem.”

Utilizing generative AI

In the past few years, the enterprise has witnessed a rapid rise in network vulnerabilities, which has made it simpler for attackers to infiltrate organizations without being noticed. While in today’s business landscape, it is unfortunately unavoidable to encounter attacks and security breaches, according to Dye. This is primarily because there are factors at play, such as the rise in vulnerabilities within networks and the diverse motives driving incursions in different parts of the world. Therefore, it becomes crucial to place reliance on network evidence and promptly identify any indicators of compromise or attacks.

“Phishing and social engineering continue to be very big. Network-based vulnerabilities that have been disclosed over the past year have never been higher,” Dye said. “If you look at the last five years, the last 12 months we’ve seen more broad-based network vulnerabilities than ever.”

Organizations are facing challenges when it comes to adopting technologies. Some are embracing these technologies aggressively, while others are completely banning them. Defenders are seeking assistance in interpreting alerts for investigations emphasizing the significance of the partnership between humans and AI in cybersecurity, Dye explained. Additionally, there is a growing need for a class to address defenders’ various requirements, considering the future of generative AI will involve the adoption and tackling of new attack vectors driven by AI.

“Generative AI and the image generation, the voice generation … that’s all going to accelerate the pace and the speed of attack development. It’s not necessarily going to create new attack types. It’s going to accelerate the development of the existing ones,” Dye said. “So, then you need defenders; they’re going to focus on how can I actually radically improve the speed of response of my tier one and the automation of my tier one against these common but very fast attack types.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the mWISE Conference:

(* Disclosure: Corelight Inc. sponsored this segment of theCUBE. Neither Corelight nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE